Update of /cvsroot/ruby-dbi/src/lib/dbi
In directory usw-pr-cvs1:/tmp/cvs-serv21166
Modified Files:
dbi.rb
Log Message:
Driver URLs are now case-sensitive when in SAFE mode >= 1. This prevent a security error.
Index: dbi.rb
===================================================================
RCS file: /cvsroot/ruby-dbi/src/lib/dbi/dbi.rb,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- dbi.rb 1 Aug 2002 19:00:20 -0000 1.34
+++ dbi.rb 22 Oct 2002 15:06:04 -0000 1.35
@@ -439,18 +439,23 @@
found = @@driver_map.keys.find {|key| key.downcase == dc}
return found if found
- # try a quick load and then a caseless scan
- begin
+ if $SAFE >= 1
+ # case-sensitive in safe mode
require "#{DBD::DIR}/#{driver_name}/#{driver_name}"
- rescue LoadError
- $:.each do |dir|
- path = "#{dir}/#{DBD::DIR}"
- next unless FileTest.directory?(path)
- found = Dir.entries(path).find {|e| e.downcase == dc}
- next unless found
+ else
+ # try a quick load and then a caseless scan
+ begin
+ require "#{DBD::DIR}/#{driver_name}/#{driver_name}"
+ rescue LoadError
+ $:.each do |dir|
+ path = "#{dir}/#{DBD::DIR}"
+ next unless FileTest.directory?(path)
+ found = Dir.entries(path).find {|e| e.downcase == dc}
+ next unless found
- require "#{DBD::DIR}/#{found}/#{found}"
- break
+ require "#{DBD::DIR}/#{found}/#{found}"
+ break
+ end
end
end
@@ -466,7 +471,11 @@
return driver_name
end
rescue LoadError, NameError
- raise InterfaceError, "Could not load driver (#{$!.message})"
+ if $SAFE >= 1
+ raise InterfaceError, "Could not load driver (#{$!.message}). Note that in SAFE mode >= 1, driver URLs have to be case sensitive!"
+ else
+ raise InterfaceError, "Could not load driver (#{$!.message})"
+ end
end
def parse_url(driver_url)
|
